CWE-1393
Use of Default Password
The product uses default passwords for potentially critical functionality.
Mitigation
Phase: Requirements
Description:
- Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.
Mitigation
Phase: Documentation
Description:
- Ensure that product documentation clearly emphasizes the presence of default passwords and provides steps for the administrator to change them.
Mitigation
Phase: Architecture and Design
Description:
- Force the administrator to change the credential upon installation.
Mitigation
Phases: Installation, Operation
Description:
- The product administrator could change the defaults upon installation or during operation.
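The Requirements and Architecture and Design mitigations above can be combined in a first-run provisioning flow. The following is an added example, not part of the CWE entry: the names `provision`, `AdminAccount`, `login` and `change_password`, the PBKDF2 parameters and the 12-character minimum are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

MIN_LENGTH = 12  # assumed policy value, not taken from the CWE entry

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, iterated KDF from the standard library
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class AdminAccount:
    """Hypothetical admin account for one installation of a product."""

    def __init__(self, initial_password: str):
        self._salt = secrets.token_bytes(16)
        self._digest = _hash(initial_password, self._salt)
        self.must_change = True  # set at install time, cleared only by a change

    def _matches(self, password: str) -> bool:
        return hmac.compare_digest(self._digest, _hash(password, self._salt))

    def login(self, password: str) -> str:
        if not self._matches(password):
            return "denied"
        # A correct install-time credential reaches only the change flow
        return "change_required" if self.must_change else "ok"

    def change_password(self, old: str, new: str) -> bool:
        if not self._matches(old):
            return False
        # Refuse to "change" to the same value or to a too-short one
        if len(new) < MIN_LENGTH or self._matches(new):
            return False
        self._salt = secrets.token_bytes(16)
        self._digest = _hash(new, self._salt)
        self.must_change = False
        return True

def provision():
    """Create the admin account with a credential unique to this installation."""
    initial = secrets.token_urlsafe(16)  # random per install, shown once to the installer
    return AdminAccount(initial), initial
```

The caller should grant no privileged session while `login` returns `"change_required"`; only the password-change operation is reachable in that state.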
No CAPEC attack patterns related to this CWE.